Skill v1.0.0

ClawScan security

Lovefromio Voice Wake Say · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 27, 2026, 2:06 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (using macOS 'say' to speak responses) matches its description, but there are packaging and instruction inconsistencies (missing macOS restriction, undeclared env vars, metadata/version mismatch) and a small runtime safety concern around executing shell commands with user-provided text.
Guidance
This skill appears to do what it says (speak replies using macOS 'say'), but there are a few things to check before installing:
1) It only works on macOS but the metadata doesn't declare that — avoid installing on non-macOS agents.
2) The instructions run a shell pipeline with user-controlled SPOKEN_TEXT; verify your agent runtime will properly quote/escape variables to avoid command-injection risks (or prefer an API that avoids shell interpolation).
3) SKILL.md references optional env vars (SAY_VOICE, SAY_RATE) that aren't declared — confirm whether you need to set these and that they won't leak sensitive info.
4) The included _meta.json metadata (ownerId/version) doesn't match the registry metadata — this is a packaging inconsistency; prefer skills with clear, consistent provenance.
If you trust the owner and run on macOS, the functionality is reasonable; otherwise treat it cautiously or request a fixed packaging that declares OS restrictions and documents expected env vars and safe execution behavior.

Review Dimensions

Purpose & Capability
note: The skill's stated purpose (use macOS 'say' to vocalize replies when a message starts with a specific trigger) aligns with the SKILL.md instructions. However, the registry metadata does not declare an OS restriction even though the tool only works on macOS — this is a packaging inconsistency that could lead to it being installed or invoked on unsupported platforms.
Instruction Scope
concern: SKILL.md instructs the agent to run a local shell pipeline: printf '%s' "$SPOKEN_TEXT" | say. Executing local TTS is expected for this skill, but any runtime that fails to properly quote/escape SPOKEN_TEXT could be vulnerable to command injection. The instructions also reference optional env vars (SAY_VOICE, SAY_RATE) and require checking each message for the exact trigger phrase; those env vars are not declared elsewhere (see environment_proportionality).
Install Mechanism
ok: There is no install spec and no code files — instruction-only skills are lowest-risk from an installation standpoint. Nothing is downloaded or written to disk by the skill itself.
Credentials
note: The skill declares no required environment variables, but SKILL.md mentions optional env vars (SAY_VOICE, SAY_RATE) that are not declared in the metadata. This is a minor mismatch; no sensitive credentials are requested, but the missing declaration reduces clarity about what the skill might read from the environment.
Persistence & Privilege
ok: always is false and the skill has no install or persistence behavior. It does not request elevated privileges or modify other skills/configuration.